[Forensics-changes] [yara] 85/407: Remove DirectoryEntries from IMAGE_RESOURCE_DIRECTORY

[Hilko Bengen]

This is an automated email from the git hooks/post-receive script.

bengen pushed a commit to annotated tag v3.3.0
in repository yara.

commit ce8f8c4444c31e3beac12b901420d5933497ee38
Author: Victor M. Alvarez <plusvic at gmail.com>
Date:   Thu Oct 9 10:10:09 2014 +0200

    Remove DirectoryEntries from IMAGE_RESOURCE_DIRECTORY
    
    In the official declaration in winnt.h DirectoryEntries is not part of IMAGE_RESOURCE_DIRECTORY.
---
 libyara/include/yara/pe.h | 1 -
 libyara/modules/pe.c      | 8 +++++++-
 2 files changed, 7 insertions(+), 2 deletions(-)

diff --git a/libyara/include/yara/pe.h b/libyara/include/yara/pe.h
index 5aca469..22123ea 100644
--- a/libyara/include/yara/pe.h
+++ b/libyara/include/yara/pe.h
@@ -367,7 +367,6 @@ typedef struct _IMAGE_RESOURCE_DIRECTORY {
     WORD  MinorVersion;
     WORD  NumberOfNamedEntries;
     WORD  NumberOfIdEntries;
-    IMAGE_RESOURCE_DIRECTORY_ENTRY DirectoryEntries[1];
 } IMAGE_RESOURCE_DIRECTORY, *PIMAGE_RESOURCE_DIRECTORY;
 
 #pragma pack(pop)
diff --git a/libyara/modules/pe.c b/libyara/modules/pe.c
index d0660bc..3e79022 100644
--- a/libyara/modules/pe.c
+++ b/libyara/modules/pe.c
@@ -208,7 +208,13 @@ int _pe_iterate_resources(
   int total_entries = resource_dir->NumberOfNamedEntries +
                       resource_dir->NumberOfIdEntries;
 
-  PIMAGE_RESOURCE_DIRECTORY_ENTRY entry = &resource_dir->DirectoryEntries[0];
+  PIMAGE_RESOURCE_DIRECTORY_ENTRY entry;
+
+  // The first directory entry is just after the resource directory,
+  // by incrementing resource_dir we skip sizeof(resource_dir) bytes
+  // and get a pointer to the end of the resource directory.
+
+  entry = (PIMAGE_RESOURCE_DIRECTORY_ENTRY) (resource_dir + 1);
 
   for (int i = 0; i < total_entries; i++)
   {

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/forensics/yara.git